BeyondTrust and the Least Privilege Security Approach

BeyondTrust recently surveyed 25 customers about their use of BeyondTrust Privilege Manager, a security solution which adds a unique facet to the least privilege approach to granting access rights. In an ideal IT environment, users get only the privileges they need to access applications and hardware to do their jobs—they’re granted least privilege and no more. But rarely is an IT environment ideal—most organizations have one or more custom or third-party applications, for example, which require users to have elevated privileges to use. BeyondTrust Privilege Manager lets admins attach permission levels to Windows applications. Users can install approved applications and ActiveX controls, and run applications without needing admin privileges, and they don’t realize they’re being restricted as there are no pop-up windows or dialog boxes.

The BeyondTrust survey is by no means a scientific sampling, but the company says it offers insights into what customers moving to the least privilege approach are concerned about. “Certain organizations have power users—professional services firms, accounting consulting firms. They trust their users, but yet there’s a desire to lock down the desktop,” says BeyondTrust CEO John Moyer. How do BeyondTrust customers deal with these users? Two-thirds of those surveyed reduced admin privileges for users in their organizations by 90 percent, Moyer says.

A trend revealed in the survey indicates that companies are moving to eliminate administrator rights on their enterprise desktops not only for security reasons but for regulatory compliance. Not surprising if you consider that many BeyondTrust customers are in the healthcare, government, and accounting arenas. A surprising result was the finding that companies are using the least privilege approach to limit ActiveX controls. “We didn’t know that nine out of 10 companies would be preventing ActiveX controls. That’s a big red flag that shows us what folks in the marketplace view as a concern,” says Moyer.

The desire to save on costs, Moyer says, also drives companies to BeyondTrust’s solution. It costs more to manage a desktop environment where users log in as admins, he says.

BeyondTrust’s latest version, Privilege Manager 4.0, adds the capability for users to elevate their privileges on demand. To learn more about BeyondTrust and Privilege Manager, visit http://beyondtrust.com.